06-06-2019 10:11 AM
Hi,
Does anyone have any idea how to configure Anyconnect to obtain a static ip address when using an MFA app like Azure MFA. At the moment I have an ASA pointed towards a Microsoft NPS server with the Azure MFA extension. I have configured each user with a static ip address under the dial in tab. Without the MFA authentication, i.e. just authenticating against AD, the attributes can be passed down from the NPS server towards the ASA, but as soon as you enable the Azure MFA in the NPS - the attributes stop being passed down.
I have also tried pointing the ASA at an ACS, which is configured to act as a Radius proxy, which then queries the NPS/MFA setup, with an identical user account also created in the ACS and a static ip address configured under each user account. But this fails too - due to 'Radius client encountering an error during processing flow'.
I am now beginning to wonder if it is at all possible to configure a static ip address alongside a MFA solution, whether that is Azure/Duo etc. Can anyone help in anyway on this?
06-07-2019 02:26 AM
06-07-2019 05:43 PM
If you're using OATH or SMS for the 2FA challenge then you're hitting a limitation with the MFA NPS extension"
I've seen this AV pairs returned just fine with the App verification/Phone call.
HTH.
02-24-2020 03:15 PM
Hi
Were you able to get to the bottom of this?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide